CVE-2019-20407

CVE Database · CVE-2019-20407

CVE-2019-20407

· MEDIUMModified

CVSS v3.1

4.3

EPSS

1.20%

Published

Mar 17, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-862

Affected Products (6)

atlassian · jira_data_center (up to 8.5.3)vulnerable

atlassian · jira_data_center (up to 8.6.1)vulnerable

atlassian · jira_data_center (up to 8.7.0)vulnerable

atlassian · jira_server (up to 8.5.3)vulnerable

atlassian · jira_server (up to 8.6.1)vulnerable

atlassian · jira_server (up to 8.7.0)vulnerable

References (2)

https://jira.atlassian.com/browse/JRASERVER-70599

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/JRASERVER-70599

Issue TrackingVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs